The top 25 Worst Passwords of 2012

One thing I like to do when a new password list is dumped from a hacker attack is to analyze them for patterns with a program like Pipal. Every year Splashdata takes a look at all of the passwords dumped over the year and provides a list of the worst passwords that exist. These passwords are short, simple or easily guessable.

So without further delay, here are the top 25 passwords NOT to use on your system according to Splashdata:

#              Password                Change from 2011

1               password                Unchanged
2               123456                    Unchanged
3               12345678                 Unchanged
4               abc123                    Up 1
5               qwerty                    Down 1
6               monkey                   Unchanged
7               letmein                   Up 1
8               dragon                    Up 2
9               111111                     Up 3
10             baseball                   Up 1
11             iloveyou                   Up 2
12             trustno1                  Down 3
13             1234567                   Down 6
14             sunshine                  Up 1
15             master                     Down 1
16             123123                     Up 4
17             welcome                  New
18             shadow                    Up 1
19             ashley                      Down 3
20             football                   Up 5
21             jesus                       New
22             michael                   Up 2
23             ninja                       New
24             mustang                  New
25             password1               New

New this year is the password compared to its position from last year. As you can see people are still using many of the same, easy to guess passwords year after year.

We have shown several password dumps analyzed with Pipal over the last few years and be it a small password dump of 20,000 or a large one of over 400,000, the top ten passwords are usually the same.

I can see why “password, 124567, and abc123” are always at the top of the list, but what in the world is people’s fascination with the password “Monkey”? It has always shown up in the top ten list of passwords used in every test that we have run.

Needless to say if you use any of these 25 passwords, change them now. Long complex passwords using upper and lower case letters, numbers and special characters are always the best way to go. As complex passwords reach 10 or greater characters the time it takes to crack them increases immensely.

On Windows based systems it is recommended to use 15 or more characters for your passwords. As on some older systems, 14 characters or less can be cracked in a very short amount of time (as few as 5 seconds!) if the password hashes can be obtained and if the system allows weak LM hashes.

~ by D. Dieterle on October 26, 2012.

One Response to “The top 25 Worst Passwords of 2012”

  1. […] interesting as there are 10 passwords that are almost ALWAYS in the top ten and none of them were in this list. Okay, “password” was used as a base word, but other […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: